Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco PIX Firewall Software

Cisco PIX Security Appliance Release Notes Version 8.0(3)

Downloads

Table Of Contents

Cisco PIX Security Appliance Release Notes Version 8.0(3)

Contents

Introduction

System Requirements

Memory Requirements

Software Requirements

Maximum Recommended Configuration File Size

Cisco VPN Software Interoperability

Cisco VPN Client Interoperability

Cisco Easy VPN Remote Interoperability

Determining the Software Version

Upgrading to a New Software Version

New Features

IP Address Reuse Delay

WAAS and PIX Interoperability

Caveats

Open Caveats - Version 8.0(3)

Resolved Caveats - Version 8.0(3)

End-User License Agreement

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines


Cisco PIX Security Appliance Release Notes Version 8.0(3)

November 2007

Contents

This document includes the following sections:

Introduction

System Requirements

New Features

Caveats

End-User License Agreement

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

Introduction

Note The PIX 501, PIX 506/506E, and PIX 520 security appliances are not supported in software Version 8.0(3).

The Cisco PIX 500 series security appliance delivers unprecedented levels of defense against threats to the network with deeper web inspection and flow-specific analysis, improved secure connectivity through end-point security posture validation and voice and video over VPN support. It also provides enhanced support for intelligent information networks through improved network integration, resiliency, and scalability.

For more information on all the new features, see New Features.

Additionally, the adaptive security appliance software supports Cisco Adaptive Security Device Manager (ASDM). ASDM delivers world-class security management and monitoring through an intuitive, easy-to-use web-based management interface. Bundled with the security appliance, ASDM accelerates adaptive security appliance deployment with intelligent wizards, robust administration tools, and versatile monitoring services that complement the advanced integrated security and networking features offered by the market-leading suite of the security appliance. Its secure, web-based design enables anytime, anywhere access to security appliances.

System Requirements

The sections that follow list the system requirements for operating a security appliance.

Note The PIX 501, PIX 506/506E, and PIX 520 security appliances are not supported in software Version 8.0(3).

Memory Requirements

If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(3). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses. Table 1 lists the default value for the memory that ships with each security appliance and flash memory requirements for Version 8.0(3).

Table 1 Default Memory Shipped and Flash Memory Requirements 

PIX Security Appliance Model
Default Memory (MB)
Flash Memory Required (MB)

515/515E

64

16

525

128

535

512


For more information about minimum memory requirements, see the "Minimum Memory Requirements" section in the Guide for Cisco PIX 6.2 and 6.3 Users Upgrading in Cisco PIX Software Version 7.0.

Software Requirements

Version 8.0(3) requires the following:

The minimum software version required before upgrading to PIX Version 8.0(3) is PIX Version 7.2. If you are running a PIX version earlier than Version 6.2, you must first upgrade to PIX Version 6.2 or PIX Version 6.3 before you can upgrade to PIX Version 7.2.

To upgrade your PIX software image, go to the following website: http://www.cisco.com/pcgi-bin/tablebuild.pl/pix

For information on specific licenses supported on each model of the security appliance, go to the following website: www.cisco.com/go/license

If you are upgrading from a previous PIX version, save your configuration and record your activation key and serial number. For new installation requirements, go to the following website: http://www.cisco.com/pcgi-bin/tablebuild.pl/pix.

Maximum Recommended Configuration File Size

For the PIX 525 and PIX 535, the maximum supported configuration file size is 2 MB for Version 8.0(3). For the PIX 515/515E, the maximum supported configuration file size is 1 MB for Version 8.0(3). If you are using ASDM, we recommend no more than a 500 KB configuration file, because larger configuration files can interfere with the performance of ASDM on your workstation.

While configuration files up to 2 MB are supported on the PIX 525 and PIX 535, be aware that such large configuration files can reduce system performance. For example, a large configuration file is likely to noticeably slow execution times in the following situations:

While executing commands such as the write terminal and show running-config commands

Failover (the configuration synchronization time)

During a system reload

Cisco VPN Software Interoperability

Cisco VPN Series
Interoperability Comments

Cisco IOS routers

Version 8.0(3) requires Cisco IOS Release 12.3(T)T or higher running on the router when using IKE Mode Configuration on the security appliance.

Cisco VPN 3000 concentrators

Version 8.0(3) requires Cisco VPN 3000 concentrator Version 4.1 or higher for correct VPN interoperability.


Cisco VPN Client Interoperability

Cisco VPN Client
Interoperability Comments

Cisco VPN client v3.x/4x

(Unified VPN client framework)

Version 8.0(3) supports the Cisco VPN client Version 5.x or higher that runs on all Microsoft Windows platforms. This version also supports the Cisco VPN client Version 5.x or higher that runs on Linux, Solaris, and Macintosh platforms.


Cisco Easy VPN Remote Interoperability

Cisco Easy VPN Remote
Interoperability Comments

Cisco PIX Security Appliance Easy VPN remote V6.3

Version 8.0(3) Cisco Easy VPN server requires the Cisco PIX security appliance Version 6.3 Easy VPN remote that runs on the PIX 501 and PIX 506 platforms.

VPN 3000 Easy VPN remote V3.x/4x

Version 8.0(3) Cisco Easy VPN server requires the Version 3.6 or higher of the Easy VPN remote that runs on the VPN 3002 platform.

Cisco IOS Easy VPN remote Release 12.2(16.4)T

Version 8.0(3) Cisco Easy VPN server interoperates with Cisco IOS 806 Easy VPN remote Release (16.4)T.


Determining the Software Version

Use the show version command to verify the software version installed on your security appliance. Alternatively, you can view the software version on the Cisco ASDM home page.

Upgrading to a New Software Version

If you have a Cisco.com (CDC) login, you can obtain software from the following website:

http://www.cisco.com/cgi-bin/tablebuild.pl/pix

If you want to upgrade from Version 7.1.(x) to 7.2(x) or downgrade from Version 7.2(x) to Version 7.1(x), you must follow the subsequent procedure, because older versions of the security appliance images do not recognize new ASDM images, and new security appliance images does not recognize old ASDM images.

You can also use the CLI to download the image. For more information, see the "Downloading Software or Configuration Files to Flash Memory" section in the Cisco Security Appliance Command Line Configuration Guide.

To upgrade from Version 7.2.(x) to Version 8.0(3), perform the following steps:

Step 1 Load the new Version 8.0(3) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 2 Reload the device to upgrade to the Version 8.0(3) image.

Step 3 Copy the new ASDM Version 6.0 image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 4 Enter the following command to tell the security appliance where to find the ASDM image:

hostname(config)# asdm image flash:/asdmfile

To downgrade from Version 8.0(3) to 7.2.(x), perform the following steps:

Step 1 Load the earlier Version 7.2(x) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 2 Reload the device to downgrade to the Version 7.2(x) image.

Step 3 Copy the earlier ASDM Version 5.2(x) image from the following website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/asa

Step 4 Enter the following command to tell the security appliance where to find the ASDM image:

hostname(config)# asdm image flash:/asdmfile

New Features

This section lists the new feature for Version 8.0(3). All new features are supported in ASDM 6.0(2).

IP Address Reuse Delay

Delays the reuse of an IP address after it has been returned to the IP address pool. Increasing the delay prevents problems the security appliance may experience when an IP address is returned to the pool and reassigned quickly.

WAAS and PIX Interoperability

The [no] inspect waas command is added to enable WAAS inspection in the policy-map class configuration mode. This CLI is integrated into Modular Policy Framework for maximum flexibility in configuring the feature. The [no] inspect waas command can be configured under a default inspection class and under a custom class-map. This inspection service is not enabled by default.

The keyword option waas is added to the show service-policy inspect command to display WAAS statistics. 

show service-policy inspect waas

A new system log message is generated when WAAS optimization is detected on a connection. All L7 inspection services including IPS are bypassed on WAAS optimized connections.

System Log Number and Format:

%ASA-6-428001: WAAS confirmed from in_interface:src_ip_addr/src_port to out_interface:dest_ip_addr/dest_port, inspection services bypassed on this connection.

A new connection flag "W" is added in the WAAS connection. The show conn detail command is updated to reflect the new flag.

Caveats

This section lists the open and resolved caveats for Version 8.0(3).

For your convenience in locating caveats in Cisco's Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:

Commands are in boldface type.

Product names and acronyms may be standardized.

Spelling errors and typos may be corrected.

Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:

http://www.cisco.com/support/bugtools

To become a registered cisco.com user, go to the following website:

http://tools.cisco.com/RPF/register/register.do

Open Caveats - Version 8.0(3)

Table 2 Open Caveats 

DDTS Number
Software Version 8.0(3)
 
 
Corrected
Caveat

CSCsf25418

No

Traceback in Thread Name: tmatch compile after assert

CSCsg71579

No

Programming assertion malloc.c:3822 on secondary after failover from pri

CSCsg99492

No

SASL GSSAPI-Kerberos authentication not happening with Sunone Server

CSCsh91747

No

SSL VPN stress cause SSL lib error. Function: DO_SSL3_WRITE

CSCsj08209

No

clear ospf process causes traceback

CSCsj25672

No

1550 block leak when running multiple tls codenomicon suites.

CSCsj28099

No

ASA can hang on certain tasks if disk is corrupt.

CSCsj32989

No

ASA traceback when running 100 user Avalanche webvpn goodput test

CSCsj83081

No

traceback after clear conf filter. eip 0x00beb377.

CSCsj84640

No

Memory leak on CRYPTO_malloc

CSCsk08454

No

ASA 8.0 fails to send TACACS request over L2L tunnel

CSCsk19065

No

Excessive High CPU and packets drops when applying ACL to an interface

CSCsk21548

No

2048 byte Block depletion related to Fragmented multicast traffic

CSCsk21641

No

Traceback in Dispatch unit related to fragmented multicast traffic

CSCsk36399

No

Traceback in PIX Garbage Collector (Old pc 0x008b619d ebp 0x0261ed60)

CSCsk36703

No

Traceback in thread name IP Thread

CSCsk36952

No

Traceback in Thread: accept/http when changing DHCP config via ASDM

CSCsk37533

No

SIP: Traceback in 7.0(7) with segmented SIP packets

CSCsk38848

No

ASA crashes in Active/Standby Routed Mode causing voice failures

CSCsk40743

No

system miss ticks when cpu-hog is present

CSCsk42958

No

Traceback in thread https_proxy

CSCsk45220

No

Regex used in CLI command filtering causes device reload

CSCsk48344

No

Inspect http is not matching server response fields

CSCsk48629

No

ASA crashes with Unicorn Proxy Thread

CSCsk55665

No

reload with panic: route_process inconsistent annotation

CSCsk60581

No

Device reload when the SIP PROTOS Suite is launched

CSCsk69537

No

Traceback in Dispatch Unit during ASDM access

CSCsk70941

No

Traceback in Thread Name: Dispatch Unit

CSCsk78634

No

ASA Traceback in thread MFIB

CSCsk84529

No

Reload with Thread Name: ssh

CSCsk88517

No

ASA stops servicing WebVPN login page

CSCsk89022

No

ASA dhcp server crashed while removing dhcpd configuration.

CSCsk89600

No

Reload in Dispatch Unit thread with ESMTP inspection enabled

CSCsk89639

No

Reload with Thread Name: Checkheaps

CSCsk90689

No

telnet to the box and vpn tunnels fail due to 0-byte block depletion

CSCsk95246

No

no router rip, followed by router rip & network cause vPifnum & tracebac

CSCsk96804

No

Traceback in Thread Name: Dispatch Unit with inspect h323

CSCsk97830

No

Traceback in thread name Dispatch Unit

CSCsl01792

No

ASA traceback in Thread Name: Dispatch Unit

CSCsl02630

No

WebVPN: Traceback in Thread Name: emweb/https

CSCsl04124

No

ASA 8.0.2 - SIP call from outside w/o sound : SIP::Error - fail to NAT

CSCsl04893

No

ASA: Traceback with threadname Dispatch Unit

CSCsl04953

No

Need to add additional support for DECNET multicast in Transparent mode

CSCsl05707

No

ASA: crash when removing h323 h225 inspection

CSCsl06247

No

ASA-0-716507: Fiber scheduler has reached unreachable code causes outage

CSCsl07386

No

WebVPN: Traceback in Thread Name: vpnfol_thread_sync at failover sync

CSCsl08970

No

Downgrade from 8.0.2 to 7.2.3.5 can cause traceback

CSCsl10562

No

DAP_TRACE: Username: fatemeh, Selected DAPs: <error>

CSCsl11435

No

telnet over VPN hangs when ASA failover occurs

CSCsl11572

No

Traceback - emweb/https - Watchdog Timeout in 0x00909c3d:_vpn_put_uauth

CSCsl12010

No

flash memory corruption issues

CSCsl17136

No

ASA-PIX: H323 Video breaks with inspection enabled.

CSCsl17381

No

ASA crashes with Thread Name: CTM message handler

CSCsl18071

No

Windows Media Player can not play media file with/without L-2-L Ipsec

CSCeh98117

No

Tunnel-group/ldap-login passwords in cleartext when viewed with more

CSCsf07135

No

ASDM connection may cause packet loss

CSCsh78681

No

In use memory count displayed incorrectly

CSCsh79097

No

Syslog message displaying reason why flow is closed by ESMTP inspection

CSCsi49983

No

Periodic HW crypto errors 402123 & 402125 see with L2TP/IPSEC

CSCsi79159

No

admin connections via management-access fail

CSCsi94163

No

PPPOE connection does not renegotiate immediatly after short disconnect

CSCsj02948

No

%ASA-4-402124: CRYPTO: The ASA hardware accelerator encountered an error

CSCsj07428

No

Idle IPSEC connections not closing out

CSCsj61214

No

Lower cpu-hog syslog 711002 from Level 7 to Level 4

CSCsj71788

No

Slow response when entering commands via Telnet

CSCsk00089

No

ASA 7.2 : Firewall-MIB : no snmp object for failover lan int status

CSCsk10088

No

LDAPS / LDAP over SSL suddenly stops working

CSCsk14532

No

ASA - FTP Type Mount remains inaccessible if FTP server goes offline

CSCsk14695

No

WebVPN with SDI in new pin mode does not prompt user

CSCsk18083

No

nat exemption access-list not checked for protocol or port when applied

CSCsk18084

No

cikeTunnelTable does not populate for some of the ISAKMP SA's.

CSCsk19485

No

syslog TCP_CONN_END shows Reset-O for ASA generated TCP RST

CSCsk29306

No

ASA 8.0 - Error Contacting Host error when accessing CIFS Shares

CSCsk30698

No

PIX/ASA may stop generating syslogs all together

CSCsk33310

No

PIX SIP fixup does not correctly open RTP conns using NAT 0

CSCsk34404

No

Multicontext mode: static nat overlap check not valid when no classifier

CSCsk40210

No

Auth-Proxy DACLs may become stale and impossible to delete

CSCsk42595

No

ASA:: 2 Factor Authentication with Password-Management Fails for SSL VPN

CSCsk47949

No

ASDM hangs at 47% if packet losses on the network

CSCsk47999

No

TCP session stays half-open when FIN sequence problem.

CSCsk48355

No

ISAKMP SA stuck in AM_WAIT_DELETE after ASA upgrade

CSCsk48377

No

Clear Xlate doesn't clear for a host in a static entry

CSCsk49506

No

Local-host for u-turn traffic on lowest sec level used for license limit

CSCsk50537

No

ASA Javascript error with webvpn and mail server (SUN iPlanet)

CSCsk54728

No

Citrix applications do not close automatically when Logging off WebVPN

CSCsk64428

No

High CPU when polling VPN MIBs via SNMP

CSCsk65211

No

ASA5505 inside interface w/23bit or smaller subnet mask becomes unstable

CSCsk65788

No

FO: Webvpn customization import not replicated to Standby device

CSCsk65940

No

crashinfo file corrupted, extra text appended to bottom

CSCsk71006

No

ipv6 acl don't have acl options when using MPF

CSCsk71413

No

Traceback: chunk memory corruption with caller occam_arena__get_block.

CSCsk73047

No

Crash in Thread Name: IKE Receiver

CSCsk75944

No

ASA configuration of NTP - NTP process fails to initialise

CSCsk80789

No

RTSP inspection changes Media Player version to 0.0.0.0

CSCsk84107

No

Standby uses active sub-interface ip address after enabling monitoring

CSCsk88563

No

Answers to DHCPINFORM packets use wrong destination MAC address

CSCsk89474

No

URL filtering not performed for u-turn vpn traffic

CSCsk91598

No

Sip inspection on ASA fails to NAT record-route entries in invite packet

CSCsk93067

No

no management-access Inside still allows telnet over IPSec tunnel

CSCsk94835

No

UDP SIP not being inspected by default-inspection-class

CSCsk97671

No

VPN client with NULL Encryption L2TP-IPSec behind NAT drops on 71st sec

CSCsl02675

No

ASDM>Tools> ping fails when entering hostname in IP address field

CSCsl02821

No

VPN tunnel might not reestablish after failover

CSCsl03839

No

WebVPN does not modify URLs in Sharepoint .iqy files

CSCsl04448

No

Cannot remove url-server despite having removed url-block cmd in 7.2.3

CSCsl04900

No

SIP invite fixup'd with name rather than IP address

CSCsl05751

No

Citrix with Client Detection is not working

CSCsl05777

No

Citrix Apps hanging when opening multiple Apps

CSCsl08857

No

warning message with certificate based authentication

CSCsl10052

No

new L2TP sessions are denied after %ASA-4-403103 is seen in the logs

CSCsl11321

No

ASA doesn't send coldStart trap when speed/duplex is fixed as 100/full

CSCsl14914

No

webvpn rewriter causing webpage to fail with Cisco clientless webvpn

CSCsl15013

No

DHCPrelay broken with 2 DHCPrelay servers when second one out of service

CSCsl16873

No

CSD version 3.2 installed on ASA shows some unwanted garbage characters

CSCsl17191

No

PIX/ASA PMTUD: ICMP type 3 code 4 uses wrong source interface

CSCsl18668

No

last configured dhcprelay server shows up first in configuration


Resolved Caveats - Version 8.0(3)

Table 3 Resolved Caveats 

DDTS Number
Software Version 8.0(3)
 
 
Corrected
Caveat

CSCeg00330

Yes

DHCP relay: ACK in reply to INFORM may be dropped

CSCsb45561

Yes

standby instead of active keeps sending register to RP after failover

CSCsc98412

Yes

Pix console accounting doesn't appear in ACS Logged-In User report

CSCsd51407

Yes

Dual ISP fails after failover, routing table have stale routes

CSCsd65922

Yes

webvpn acls should allow wilcard * hostnames

CSCse31519

Yes

OCSP: CRL checking of externally signed responder cert fails

CSCse99033

Yes

tracked route removed from Standby firewall after failover

CSCsf30571

Yes

Traceback in ssh_init

CSCsg16149

Yes

data sent with Active MAC after switchover to standby

CSCsg25616

Yes

ASA put PATed src port in ICMP (type3, code4)

CSCsg43591

Yes

SCP connection to PIX fails

CSCsg52106

Yes

Embryonic value -1 under syslog and count to host = 42949672

CSCsg61719

Yes

SNMP: Coldstart Trap is not sent

CSCsg78524

Yes

NT Authentication (NTLM) is attempted three times with a bad password

CSCsg93050

Yes

Inspect DCERPC failure. Packet too small error

CSCsg96150

Yes

dependence between sysopt connection permit-vpn and management commands

CSCsg96247

Yes

ASA traceback - RSA keypair generation SSH function calls

CSCsg96351

Yes

http regex matching fails to match http:\/\/

CSCsg99807

Yes

ICMP (type3, code4) is not sent after learning PMTU

CSCsh21984

Yes

When out of available URL requests, future HTTP GETs dropped silently

CSCsh22262

Yes

FTP authen fails if trailing <cr> exists in banner & aaa proxy enabled

CSCsh23012

Yes

data received after static pat is removed causes traceback

CSCsh23318

Yes

When a pending URL request times out the Buffered traffic is lost

CSCsh23865

Yes

Nailed Static configuration doesnt appear in config

CSCsh26607

Yes

'inspect skinny' drops/corrupts packets with high network latency

CSCsh32241

Yes

Block size 256 depletion causing failover issues

CSCsh33290

Yes

Transparent FW passes arp requests from standby, causing arp problems

CSCsh35715

Yes

ESMTP inspection drops emails with special characters in the email addr

CSCsh36387

Yes

ASA 5510 7.2.2 / traceback in Thread Name: IKE Daemon

CSCsh40829

Yes

LDAP: multiple Cisco-AV-Pair need to be enforced on vpn-session

CSCsh41155

Yes

ASA h323 inspect corrupts q931 packet

CSCsh41496

Yes

ldap-login-dn requires full path name of admin user

CSCsh44467

Yes

Static ARP Entry Removed From the Configuration and ARP Table

CSCsh45414

Yes

ASA Radius state machine reuses state attribute from failed auth

CSCsh46436

Yes

Radius NAS-Port-Type not sent in SSH authentication request

CSCsh48962

Yes

Duplicate ASP table entry causes FW to encrypt traffic with invalid SPI

CSCsh53246

Yes

Traceback when specifying ldap port.

CSCsh53603

Yes

Unable to resolve ARP entry for a directly connected host

CSCsh54016

Yes

PIX 7.2.2 memory degradation

CSCsh55107

Yes

DHCP relay fails when static translation for all hosts configured

CSCsh56084

Yes

ASA CIFS over WebVPN : file created on server but write operation fails

CSCsh56439

Yes

Multicast: Crash in Thread Name: MFIB

CSCsh58003

Yes

IPCP not coming up when using 'ip address pppoe'

CSCsh59098

Yes

Traceback at ThreadName:Unicorn Proxy Thread(pc 0x00c5a9a4 ebp 0x0dd71cc

CSCsh60896

Yes

ESMTP inspection hogging CPU

CSCsh62358

Yes

CTIQBE Fixup does not work with Call Manager 4.2.1

CSCsh65168

Yes

group policy name cannot contain spaces

CSCsh66209

Yes

Traceback at Thread Name: Dispatch Unit(Old pc 0x00218f77 ebp 0x018724a8

CSCsh66576

Yes

L2TP: Connectivity issues with 1500 established sessions

CSCsh66814

Yes

SIP pinhole for inbound INVITE timesout before expires in outbound REGIS

CSCsh67105

Yes

ASA 7.2(2): high cpu usage with DHCP assigned IP addresses

CSCsh68174

Yes

Print warning when logging ftp-bufferwrap CLI is configured

CSCsh74009

Yes

Show/Clear uauth command will not work for username with spaces.

CSCsh74885

Yes

Traceback in thread accept/ssh_131071

CSCsh80968

Yes

ASA traceback through memory corruption

CSCsh81111

Yes

Denial-of-Service in VPNs with password expiry

CSCsh82130

Yes

Command authorization for clear fails for priv level lower than 15

CSCsh83148

Yes

Tcp Timestamp unexpectedly set to 0 for flows reordered by the firewall

CSCsh83925

Yes

ASA traceback in Thread Name: EAPoUDP

CSCsh86334

Yes

Syslog 199002 not sent to external syslog server on bootup

CSCsh86444

Yes

VPN: TCP traffic allowed on any port with management-access enabled.

CSCsh86796

Yes

Process qos_metric_daemon hogging CPU

CSCsh89816

Yes

ASA in transparent mode: answer-only vpn, but can still intiate VPN

CSCsh90659

Yes

Traceback: Thread Name:vpnlb_thread in standby after taking active role

CSCsh91283

Yes

Inspect SunRPC drops segmented packets

CSCsh96817

Yes

L2TP: Can not connect more than one Vista client at the same time

CSCsh97584

Yes

video connection through ASA fails

CSCsh97976

Yes

show int ip brief shows incorrect line protocol status

CSCsh98679

Yes

ASA: WCCP packets redirected stops incrementing after 2-3 mins

CSCsh98791

Yes

OCSP with CA signed responder cert failing verification check

CSCsi01498

Yes

ESMTP inspect cannot handle content-type string in DKIM headers

CSCsi03576

Yes

Webvpn: OWA 2000 replies/forwards fail after upgrading to latest hotfix

CSCsi05471

Yes

webvpn crash with citrix

CSCsi05768

Yes

ASA: DPD thresholds over 300 are not accepted for remote access

CSCsi07349

Yes

SAA/tracking traceback under specific CLI sequence

CSCsi08103

Yes

command author does not mark aaa-server dead when TACACS unavailable

CSCsi08317

Yes

PIX using Authentication Proxy and Wildcard causes Certificates error

CSCsi08957

Yes

SNMPv2-SMI enterprises.3076.2.1.2.26.1.2.0 not showing actual connection

CSCsi10396

Yes

ASA crashes at Thread Name: emweb/https while file uploading >1MB

CSCsi10466

Yes

SIP inspect fails for INVITE where display name contains string 'tel'

CSCsi11941

Yes

When URL filtering is enabled Streaming Media loads slowly

CSCsi13865

Yes

SNMP in multi-mode creates message vPif_getVpif: bad vPifNum

CSCsi15805

Yes

SNMP interface counters incorrect on ASA-5505

CSCsi17946

Yes

Traceback in Thread Name: accept/http while doing 'wr mem' in ASDM

CSCsi18097

Yes

Deleted SNMP command reappear after failover

CSCsi18736

Yes

IPSec RA session not replicated to standby if addr pool in group policy

CSCsi20384

Yes

ASDM: 5.2 and 6.0 does not display historic graphs for Blocks

CSCsi21431

Yes

Traceback in Thread Name: IP Address Assign

CSCsi21595

Yes

Watch dog timeout crash due to large# of vlans cfgd on the 4GE port

CSCsi23369

Yes

VPNLB master may lose communication with cluster member

CSCsi23740

Yes

ESMTP inspect does not match content-type properly in mail headers

CSCsi24458

Yes

DHCP Client unable to obtain IP address because of Client-ID

CSCsi27609

Yes

ASA may drop subsequent requests on INVITE dialog

CSCsi27755

Yes

ASA 7.2.2.16 Traceback in Thread Name: emweb/https

CSCsi31386

Yes

ASA OSPF router-id swap between multiple process after reboot

CSCsi34289

Yes

Traceback in Thread Name: ddns_update_process with DDNS update

CSCsi35603

Yes

L2TP/IPSec sessions hanging when authenticating with EAP

CSCsi35943

Yes

FO: WebVPN Customization/webcontent fails when Failover is initiated

CSCsi35953

Yes

Asa 7.2 webvpn session with certif cannot establish when CN contains /

CSCsi36169

Yes

WebVPN: Aware server becomes unresponsive

CSCsi39924

Yes

standby unit reloads when 'show access-list' is issued

CSCsi40553

Yes

Asa 7.2.2 Failover : the secondary gets a modified config from the prima

CSCsi41717

Yes

PIX/ASA Cannot Parse Large URI in SIP message

CSCsi41976

Yes

Jitter for established connection when compiling ACE's

CSCsi42073

Yes

ASA boot time around 4 hours when ACE config is very long

CSCsi42140

Yes

WebVPN: JavaScript menu is not expandable

CSCsi42338

Yes

PIX/ASA aaa authentication does not work over VPN tunnel : NT,LDAP,SDI

CSCsi43722

Yes

ASA - MGCP inspection drops part of piggybacked MGCP messages

CSCsi43813

Yes

SVC clients are unable to connect to the standby after ASA failover

CSCsi46292

Yes

SNMP coldstart trap not sent in failover scenario

CSCsi46497

Yes

Verisign certificate lost after ASA is reloaded.

CSCsi46950

Yes

npdisk password recovery does not work with multicontext mode

CSCsi47110

Yes

vpn-simultaneous-logins 0 denies management access to the ASA

CSCsi48208

Yes

assertion hdr->dispatch_last < NELTS(hdr->dispatch)

CSCsi51600

Yes

Misleading prompt with radius/sdi authentication on 7.2.2

CSCsi52370

Yes

WCCP may result in 1550 block depletion & sends GRE packets >1500

CSCsi53577

Yes

OSPF goes DOWN after reload of VPN Peer

CSCsi54132

Yes

Not getting syslog 302010 message

CSCsi55798

Yes

assert in webvpn functionality as CRLF not detected where expected

CSCsi56605

Yes

TCP connection opened for WebVPN on non WebVPN enabled interfaces.

CSCsi57504

Yes

Traceback in Dispatch Unit when no route for nat traffic from SSM

CSCsi58109

Yes

ASA requests username/password until next available aaa server found

CSCsi59403

Yes

Standby: Traceback Thread Name: fover_parse with fover and ifc mac cfgd

CSCsi60580

Yes

WebVPN: Incorrect rewriting of VBScript's parent.window.location.hr

CSCsi62588

Yes

Traceback in Thread Name: aaa

CSCsi63099

Yes

ASA traceback w/ Thread Name: Unicorn Proxy Thread

CSCsi65122

Yes

Overlapping static with NAT exemption causes xlate errors on standby

CSCsi68911

Yes

ASA may traceback when pushing rules from SolSoft - corrupted conn_set_t

CSCsi72224